agenttesla | 87a21393ccd3a833e6b7481eaf2dd7f3889cafa097bfbf4e2c96160fbf12b265 | Triage

Submit
Reports

Overview

overview

Static

static

3

87a21393cc...65.exe

windows7-x64

87a21393cc...65.exe

windows10-2004-x64

Sharing

General

Target

87a21393ccd3a833e6b7481eaf2dd7f3889cafa097bfbf4e2c96160fbf12b265.exe
Size

719KB
Sample

240522-cczn3agf84
MD5

faab59c6da6c4e9a5d74ffd849f1ed91
SHA1

065293adb90f03c758908ba3e9bf6b3f72d02f5f
SHA256

87a21393ccd3a833e6b7481eaf2dd7f3889cafa097bfbf4e2c96160fbf12b265
SHA512

4e3a4d7df919b0aa86401f26c468623be22986f3668dd6a8501ac2a848246ff7d6e1c3e87034d734f1cb6f7e6ac94d2741f7d4bd8601e88e20889253c1f59c92
SSDEEP

12288:PdbZtdc5E2HyniuyPYVyOEbuCJ4vUzYeCDVoh+WboBQkx9qqoz8z9kByB:lFtdEYobxdj7B42y

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

87a21393ccd3a833e6b7481eaf2dd7f3889cafa097bfbf4e2c96160fbf12b265.exe

Resource

win7-20240508-en

agenttesla keylogger spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

87a21393ccd3a833e6b7481eaf2dd7f3889cafa097bfbf4e2c96160fbf12b265.exe

Resource

win10v2004-20240508-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.atlantegypt.com
Port:
587
Username:
[email protected]
Password:
OL11121314ol
Email To:
[email protected]

Targets

- Target
  
  87a21393ccd3a833e6b7481eaf2dd7f3889cafa097bfbf4e2c96160fbf12b265.exe
- Size
  
  719KB
- MD5
  
  faab59c6da6c4e9a5d74ffd849f1ed91
- SHA1
  
  065293adb90f03c758908ba3e9bf6b3f72d02f5f
- SHA256
  
  87a21393ccd3a833e6b7481eaf2dd7f3889cafa097bfbf4e2c96160fbf12b265
- SHA512
  
  4e3a4d7df919b0aa86401f26c468623be22986f3668dd6a8501ac2a848246ff7d6e1c3e87034d734f1cb6f7e6ac94d2741f7d4bd8601e88e20889253c1f59c92
- SSDEEP
  
  12288:PdbZtdc5E2HyniuyPYVyOEbuCJ4vUzYeCDVoh+WboBQkx9qqoz8z9kByB:lFtdEYobxdj7B42y
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect packed .NET executables. Mostly AgentTeslaV4.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables referencing Windows vault credential objects. Observed in infostealers
- Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
- Detects executables referencing many email and collaboration clients. Observed in information stealers
- Detects executables referencing many file transfer clients. Observed in information stealers
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy